Microsoft IIS Shared ASP Cache Information Disclosure
Remote / Network Access
Loss of Confidentiality
Microsoft Corporation IIS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when two servers are configured to use the same virtual disk and physical directory, which will disclose ASP cache data from one server to users on the other resulting in a loss of confidentiality.
Upgrade to Service Pack 5 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround:
1. Right-click on the virtual directory and select Properties.
2. Select the Home Directory Property Page.
3. Check Run in Separate Memory Space (isolated process).
4. Stop and the restart the Web Sites.